Amazon Web Services Connector

The following feature is not supported in Tenable.io Federal Risk and Authorization Management Program (FedRAMP) environments. For more information, see the FedRAMP Product Offering.

The Amazon Web Services (AWS) connector provides real-time visibility and inventory of EC2 instances in your AWS account.

To import and analyze information about EC2 instances in AWS, you must first configure AWS to support your connector configuration, then create an AWS connector in Tenable.io.

You can create an AWS connector to discover AWS assets and import them to Tenable.io. Assets discovered through the connectors do not count against the license until and unless the asset is scanned for vulnerabilities.

To assess AWS assets for vulnerabilities, Tenable recommends that you use Frictionless Assessment to assess for vulnerabilities in the cloud. Alternatively, you can run a Nessus scanner or agent scan, which runs plugins locally on the host.

Goal Connector type

Discover AWS assets and assess for vulnerabilities using Frictionless Assessment

The cloud connector discovers AWS assets and collects an inventory of data points on your AWS EC2 instances, then assesses the hosts for vulnerabilities in the cloud, rather than running plugins locally on the host.

For more information, see Frictionless Assessment for AWS .

  • Keyless authentication with Frictionless Assessment enabled

Discover AWS assets

The cloud connector discovers AWS assets without assessing them for vulnerabilities. Optionally, you can scan discovered assets later using a Nessus scanner or agent scan.

For more information, see AWS Cloud Connector (Discovery Only).

  • Keyless authentication (recommended)

  • Key-based authentication

To manage existing AWS connectors, see Manage Connectors.

Tip: For descriptions of common connector errors, see Connectors in the Tenable Developer Portal.